CVE-2006-0633
https://notcve.org/view.php?id=CVE-2006-0633
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. • http://forums.invisionpower.com/lofiversion/index.php/t200085.html http://www.r-security.net/tutorials/view/readtutorial.php?id=4 • CWE-287: Improper Authentication •
CVE-2005-1597 – Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-1597
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. • https://www.exploit-db.com/exploits/43824 http://forums.invisionpower.com/index.php?showtopic=168016 http://marc.info/?l=bugtraq&m=111539908705851&w=2 http://secunia.com/advisories/15265 http://securitytracker.com/id?1013907 http://www.gulftech.org/?node=research&article_id=00073-05052005 http://www.osvdb.org/16298 http://www.securityfocus.com/bid/13534 http://www.vupen.com/english/advisories/2005/0487 https://exchange.xforce.ibmcloud.com/vulnerabilities/20445 •
CVE-2005-1598 – Invision Power Board 2.0.3 - 'login.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1598
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. • https://www.exploit-db.com/exploits/1013 https://www.exploit-db.com/exploits/1014 https://www.exploit-db.com/exploits/43824 http://forums.invisionpower.com/index.php?showtopic=168016 http://marc.info/?l=bugtraq&m=111539908705851&w=2 http://marc.info/?l=bugtraq&m=111712587206834&w=2 http://secunia.com/advisories/15265 http://securitytracker.com/id?1013907 http://securitytracker.com/id? •
CVE-2005-1443
https://notcve.org/view.php?id=CVE-2005-1443
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. • http://securitytracker.com/id?1013863 •
CVE-2005-0477 – Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection
https://notcve.org/view.php?id=CVE-2005-0477
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. Vulnerabilidad de secuencias de comandos en sitios cruzados en el código SML de Invision Power Board 1.3.1 FINAL permite a atacantes remotos la inyección de sripts arbitrarios mediante: un fichero de firmas, un mensaje que contiene una etiqueta IMG en una etiqueta COLOR cuyo estilo está puesto como background:url. • https://www.exploit-db.com/exploits/25143 http://marc.info/?l=bugtraq&m=110868196922995&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19399 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •